Materialize-css vulnerable to Improper Neutralization of Input During Web Page Generation
- Severity:
- Medium
Description
In Materialize through 1.0.0, XSS is possible via the Toast feature.
Recommendation
Update the @materializecss/materialize package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.1.0-alpha
- Patched version(s): 1.1.0-alpha
References
Related Issues
- webpack-dev-server users' source code may be stolen when they access a malicious web site - CVE-2025-30359
- matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal - CVE-2024-50336
- Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service - CVE-2022-35204
- Unauthenticated Denial of Service in the octokit/webhooks library (GHSA-pwfr-8pq7-x9qv) 2 - CVE-2023-50728
- Tags:
- npm
- @materializecss/materialize
Anything's wrong? Let us know Last updated on August 28, 2023